HiJack log

[njustice]

Hello....I get a popup that say's "main Automation server cannot create object" so I did a search here and found that disabling SpywareBlaster might fix this error....it didn't work.

So I ran HiJackThis what do i need to remove:

Quote:

Here's my logfile from hijack this:
Logfile of HijackThis v1.97.7
Scan saved at 10:43:33 AM, on 11/22/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Aladdin Systems\StuffIt 7.5\stuffit.exe
C:\Program Files\Aladdin Systems\StuffIt 7.5\stuffit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Beth\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/.../my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/.../my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E5B47851-7A20-412C-B952-9006D112AD2C} - C:\WINDOWS\SYSTEM32\bpnlud.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: ClientDownLoad3 - http://www.phonefree.com/download/ClientDownload3.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clie...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clie...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clie...nts/y/vtk_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clie...s/y/fltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clie...nts/y/tt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clie...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/potb_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clie...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clie...ts/y/ywt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/s...py/iesnoopy.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...23/SLCmpser.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37338.273287037
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://crazymates.com/ege/download/trial/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{271207F4-5751-47E3-892D-D77B9CE7FBC9}: NameServer = 206.134.133.10 206.134.224.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{271207F4-5751-47E3-892D-D77B9CE7FBC9}: NameServer = 206.134.133.10 206.134.224.5

[Pieter_Arntz]

Hi njustice,

Can you find C:\WINDOWS\SYSTEM32\bpnlud.dll
rightclick it and choose Properties.
If it reads TC Module or IELoader Module, close all browser windows, check this line in HijackThis:
O2 - BHO: (no name) - {E5B47851-7A20-412C-B952-9006D112AD2C} - C:\WINDOWS\SYSTEM32\bpnlud.dll
and click Fix checked.
Then reboot and delete the file.

Regards,

Pieter

[njustice]

right clicked it and all it says on the Type of file is Application Extension.

[Pieter_Arntz]

Hi njustice,

Please download BHODemon from: http://www.definitivesolutions.com/bhodemon.htm and use it to disable bpnlud.dll
Let me know if that cures the errors.
Send the file to the address in my profile and I'll keep you posted on what I find out about it.

Regards,

Pieter

[njustice]

Will do Pieter....I went to my c: folder and followed the path to (C:\WINDOWS\SYSTEM32\bpnlud.dll) and right clicked on it. Is that the correct procedure?

[Pieter_Arntz]

Quote:

quoting: njustice link=board=17;threadid=16693;start=0#msg103427 date=1069547270]
Will do Pieter....I went to my c: folder and followed the path to (C:\WINDOWS\SYSTEM32\bpnlud.dll) and right clicked on it. Is that the correct procedure?

Hi njustice,

Yes, that´s the way.

Regards,

Pieter

[njustice]

Pieter the file in question didn't fix it, but this one did>C:\Program Files\ISP50\bin\BandObject.dll it is from PeoplesPC an ISP software.

[Pieter_Arntz]

Hi njustice,

Better check with your ISP what that is for (is it really needed?), then take that answer with a grain of salt as long as everything works OK.

I would still appreciate a copy of bpnlud.dll

TIA,

Pieter

[njustice]

Pieter, how would I go about sending you the file? Do I zip it up first then send to you?

Thanks, Njustice